Canada

A security researcher reveals flaws in Zoom that could allow attackers to take over your Mac

Zoom’s auto-update option can help ensure users have the latest, safest version of the video conferencing software, which has had numerous privacy and security issues over the years. However, a Mac security researcher reported vulnerabilities he found in the tool that attackers could use to gain full control of a victim’s computer at this year’s DefCon. According to Wired, Patrick Wardle presented two vulnerabilities during the conference. He found the first in the app’s signature checker, which verifies the integrity of the installed update and checks it to make sure it’s a new version of Zoom. In other words, it is responsible for blocking attackers from tricking the automatic update installer into downloading an older and more vulnerable version of the application.

Wardle discovered that attackers could bypass signature verification by naming their malware file in a certain way. And once logged in, they can gain root access and control the victim’s Mac. The Verge says Wardle disclosed the Zoom bug back in December 2021, but the patch he deployed contained another bug. This second vulnerability may have given attackers a way to bypass the security Zoom has set up to make sure the update delivers the latest version of the app. Wardle reportedly discovered it was possible to trick a tool that facilitates the distribution of Zoom updates into accepting an older version of the video conferencing software.

Zoom has already patched that flaw as well, but Wardle discovered another vulnerability, which he also presented at the conference. He discovered that there is a moment in time between the automatic installer checking the software package and the actual installation process that allows an attacker to inject malicious code into the update. A downloaded package meant to be installed can apparently retain its original read and write permissions, allowing any user to change it. This means that even non-root users can swap its contents with malicious code and gain control of the target computer.

The company told The Verge that it is now working on a patch for the new vulnerability disclosed by Wardle. However, as Wired points out, attackers must have pre-existing access to the user’s device in order to exploit these vulnerabilities. Even if there is no immediate danger to most people, Zoom advises users to “keep up to date with the latest version” of the app when one becomes available.